Trust Delegation
What is Trust Delegation?
Trust delegation is the process of allowing a human user to transfer a bounded subset of their own authority to an autonomous AI agent. The agent receives a delegated token — a short-lived credential that carries the agent's identity and only the exact permissions the user has explicitly granted.
The agent cannot expand its own access, request permissions it hasn't been assigned, or act outside the scope you define. Every action it takes is explicitly authorized and traceable back to your configuration.
Why Trust Delegation Matters
AI agents often need to act on behalf of users — reading data, calling APIs, writing results — but granting an agent full user-level access creates risk. Trust delegation solves this by enforcing least privilege at the token level:
| Without Trust Delegation | With Trust Delegation |
|---|---|
| Agent inherits broad user permissions | Agent receives only the scopes it needs |
| Hard to audit what the agent did | Every token carry explicit claims |
| Credential compromise = full access | Compromise limited to scoped, short-lived token |
| Manual revocation required | Tokens expire automatically |
Key Concepts
Delegated Token A short-lived OAuth 2.0 token issued to an agent. It contains only the permissions that pass all three checks: assigned via a role binding, listed in the client's allowed scopes, and explicitly requested by the agent.
Role Binding Links a specific agent identity (its client ID) to a role. The role defines what the agent is allowed to do — but this alone does not grant access.
Allowed Scopes A list on the client entry that caps what the agent can ask for in a token request. Even if the agent's role includes additional permissions, it can only request what is in this list.
SPIFFE Identity
Each agent is issued a cryptographic SPIFFE ID (e.g. spiffe://tenant-uuid/agent/.../agent-name) by the SPIRE agent. This identity is embedded in the delegated token, making it unforgeable and cryptographically verifiable.
How It Fits Together
User configures → Role Binding + Allowed Scopes
↓
Agent requests token specifying needed scopes
↓
AuthSec checks: role binding ∩ allowed scopes ∩ requested scopes
↓
Token issued with only the intersection — nothing more
When to Use Trust Delegation
Use trust delegation whenever an AI agent or autonomous workload needs to:
- Call internal APIs or data services on a user's behalf
- Write results, logs, or artifacts to a storage system
- Interact with downstream services in a multi-agent pipeline
- Perform scheduled or event-driven tasks without a human in the loop
Next Steps
- Getting Started — Prerequisites and the end-to-end flow
- Assign Roles to the Agent — Create role bindings
- Configure Allowed Scopes — Cap what the agent can request
- Request a Delegated Token — How the agent gets and uses a token
- Best Practices — Security guidelines and troubleshooting